{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-02-06T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG Grid and possibly other products, allow local users to cause a denial of service (condor_schedd daemon and failure to launch jobs) and possibly execute arbitrary code via format string specifiers in (1) the reason for a hold for a job that uses an XML user log, (2) the filename of a file to be transferred, and possibly other unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-02-10T16:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://research.cs.wisc.edu/htcondor/security/vulnerabilities/CONDOR-2012-0001.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=759548"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=28429"}, {"name": "RHSA-2012:0099", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2012-0099.html"}, {"tags": ["x_refsource_MISC"], "url": "https://htcondor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=5e5571d1a431eb3c61977b6dd6ec90186ef79867"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=2660"}, {"tags": ["x_refsource_MISC"], "url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=28264"}, {"name": "RHSA-2012:0100", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2012-0100.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:23:38.555Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://research.cs.wisc.edu/htcondor/security/vulnerabilities/CONDOR-2012-0001.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=759548"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=28429"}, {"name": "RHSA-2012:0099", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2012-0099.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://htcondor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=5e5571d1a431eb3c61977b6dd6ec90186ef79867"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=2660"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=28264"}, {"name": "RHSA-2012:0100", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2012-0100.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4930", "datePublished": "2014-02-10T17:00:00", "dateReserved": "2011-12-23T00:00:00", "dateUpdated": "2024-08-07T00:23:38.555Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:condor_project:condor:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "FE91D459-EF92-430A-98E8-1131D8BD8682", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "E0C54D26-9124-49E6-8EBA-00AE0640633A", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "4F3AD33E-A617-4C13-8858-7DCEDE3FDC87", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "C66F0D08-3AE5-482A-B6AD-717475EB2D9C", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "FDAC286B-A140-44E8-9B29-60B96A6B4555", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "14883865-8C31-4D40-B969-D61FE18920C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F44106D-CD31-4FF2-A589-A7A7492FC0CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "D973598A-90C0-4AE0-A047-17866BD6DC46", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "05A424B0-D3AF-4AF6-8575-4AD6B8E91E51", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "B7AA2890-BEC9-4AD6-AF74-6EC810E22AEF", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "68301687-793B-4A68-B1FB-A2B941A230C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "55E4CE41-D1AF-4187-AA26-FCDEA2F52E0B", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "8464E672-FEB8-4EC2-97EA-D6615DB22F28", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E2260133-CF29-4F2F-A05E-ED5FF10F190A", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF8B138A-F2DF-4B12-8B00-CC234D7E4BFD", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "33F6FDB7-FB85-4879-81E8-CBC0BA027C85", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "1A225C35-3DF2-4C5A-B3D6-BC70FCB6C241", "vulnerable": true}, {"criteria": "cpe:2.3:a:condor_project:condor:7.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "E4BA94AB-761B-44BB-A188-FC609789BF30", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*", "matchCriteriaId": "9396E005-22D8-4342-9323-C7DEA379191D", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*", "matchCriteriaId": "706C6399-CAD1-46E3-87A2-8DFE2CF497ED", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "60D3DD4A-2984-4929-BF6A-30B8CE9B2974", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG Grid and possibly other products, allow local users to cause a denial of service (condor_schedd daemon and failure to launch jobs) and possibly execute arbitrary code via format string specifiers in (1) the reason for a hold for a job that uses an XML user log, (2) the filename of a file to be transferred, and possibly other unspecified vectors."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de cadena de formato en Condor 7.2.0 hasta 7.6.4 y posiblemente ciertas versiones 7.7.x, como las utilizadas en Red Hat MRG Grid y posiblemente otros productos, permiten a usuarios locales causar una denegaci\u00f3n de servicio (demonio condor_schedd y fallo en el lanzamiento de trabajos) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de una cadena de especificadores de formato en (1) la raz\u00f3n de un retraso en un trabajo que utiliza un registro de usuario XML, (2) el nombre de un archivo pendiente de transferir y posiblemente otros vectores no especificados."}], "id": "CVE-2011-4930", "lastModified": "2024-11-21T01:33:19.287", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-02-10T18:15:09.310", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://research.cs.wisc.edu/htcondor/security/vulnerabilities/CONDOR-2012-0001.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2012-0099.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2012-0100.html"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=759548"}, {"source": "secalert@redhat.com", "url": "https://htcondor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=5e5571d1a431eb3c61977b6dd6ec90186ef79867"}, {"source": "secalert@redhat.com", "url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=28264"}, {"source": "secalert@redhat.com", "url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=28429"}, {"source": "secalert@redhat.com", "url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=2660"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://research.cs.wisc.edu/htcondor/security/vulnerabilities/CONDOR-2012-0001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-0099.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-0100.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=759548"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://htcondor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=5e5571d1a431eb3c61977b6dd6ec90186ef79867"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=28264"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=28429"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=2660"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-134"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2012:0100", "cpe": "cpe:/a:redhat:enterprise_mrg:2::el5", "package": "condor-0:7.6.5-0.12.el5", "product_name": "MRG for RHEL-5 v. 2", "release_date": "2012-02-06T00:00:00Z"}, {"advisory": "RHSA-2012:0100", "cpe": "cpe:/a:redhat:enterprise_mrg:2::el5", "package": "condor-ec2-enhanced-0:1.3.0-1.el5", "product_name": "MRG for RHEL-5 v. 2", "release_date": "2012-02-06T00:00:00Z"}, {"advisory": "RHSA-2012:0100", "cpe": "cpe:/a:redhat:enterprise_mrg:2::el5", "package": "condor-ec2-enhanced-hooks-0:1.3.0-1.el5", "product_name": "MRG for RHEL-5 v. 2", "release_date": "2012-02-06T00:00:00Z"}, {"advisory": "RHSA-2012:0100", "cpe": "cpe:/a:redhat:enterprise_mrg:2::el5", "package": "condor-wallaby-base-db-0:1.19-1.el5", "product_name": "MRG for RHEL-5 v. 2", "release_date": "2012-02-06T00:00:00Z"}, {"advisory": "RHSA-2012:0100", "cpe": "cpe:/a:redhat:enterprise_mrg:2::el5", "package": "cumin-0:0.1.5192-1.el5", "product_name": "MRG for RHEL-5 v. 2", "release_date": "2012-02-06T00:00:00Z"}, {"advisory": "RHSA-2012:0100", "cpe": "cpe:/a:redhat:enterprise_mrg:2::el5", "package": "python-psycopg2-0:2.0.14-3.el5", "product_name": "MRG for RHEL-5 v. 2", "release_date": "2012-02-06T00:00:00Z"}, {"advisory": "RHSA-2012:0100", "cpe": "cpe:/a:redhat:enterprise_mrg:2::el5", "package": "ruby-spqr-0:0.3.5-1.el5", "product_name": "MRG for RHEL-5 v. 2", "release_date": "2012-02-06T00:00:00Z"}, {"advisory": "RHSA-2012:0100", "cpe": "cpe:/a:redhat:enterprise_mrg:2::el5", "package": "wallaby-0:0.12.5-1.el5", "product_name": "MRG for RHEL-5 v. 2", "release_date": "2012-02-06T00:00:00Z"}, {"advisory": "RHSA-2012:0099", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "condor-0:7.6.5-0.12.el6", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2012-02-06T00:00:00Z"}, {"advisory": "RHSA-2012:0099", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "condor-ec2-enhanced-0:1.3.0-1.el6", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2012-02-06T00:00:00Z"}, {"advisory": "RHSA-2012:0099", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "condor-ec2-enhanced-hooks-0:1.3.0-1.el6", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2012-02-06T00:00:00Z"}, {"advisory": "RHSA-2012:0099", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "condor-wallaby-base-db-0:1.19-1.el6", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2012-02-06T00:00:00Z"}, {"advisory": "RHSA-2012:0099", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "cumin-0:0.1.5192-1.el6", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2012-02-06T00:00:00Z"}, {"advisory": "RHSA-2012:0099", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "ruby-spqr-0:0.3.5-1.el6", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2012-02-06T00:00:00Z"}, {"advisory": "RHSA-2012:0099", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "wallaby-0:0.12.5-1.el6", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2012-02-06T00:00:00Z"}], "bugzilla": {"description": "Condor: Multiple format string flaws", "id": "759548", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=759548"}, "csaw": false, "cvss": {"cvss_base_score": "5.2", "cvss_scoring_vector": "AV:A/AC:L/Au:S/C:P/I:P/A:P", "status": "verified"}, "details": ["Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG Grid and possibly other products, allow local users to cause a denial of service (condor_schedd daemon and failure to launch jobs) and possibly execute arbitrary code via format string specifiers in (1) the reason for a hold for a job that uses an XML user log, (2) the filename of a file to be transferred, and possibly other unspecified vectors."], "name": "CVE-2011-4930", "package_state": [{"cpe": "cpe:/a:redhat:enterprise_mrg:1", "fix_state": "Affected", "package_name": "grid-condor", "product_name": "Red Hat Enterprise MRG 1"}], "public_date": "2012-02-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2011-4930\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-4930\nhttp://research.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2012-0001.html"], "threat_severity": "Moderate"}